NetBSD-Bugs archive


kern/51436: tmpfs mount crashes when tmpfs is autoloaded as a module



>Number:         51436
>Category:       kern
>Synopsis:       tmpfs mount crashes when tmpfs is autoloaded as a module
>Confidential:   no
>Severity:       critical
>Priority:       high
>Responsible:    kern-bug-people
>State:          open
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Mon Aug 22 11:00:00 +0000 2016
>Originator:     Martin Husemann
>Release:        NetBSD 7.99.36
>Organization:
The NetBSD Foundation, Inc.
>Environment:
System: NetBSD whoever-brings-the-night.aprisoft.de 7.99.36 NetBSD 7.99.36 (WHOEVER) #15: Mon Aug 22 12:42:20 CEST 2016 martin%martins.aprisoft.de@localhost:/ssd/src/sys/arch/sparc64/compile/WHOEVER sparc64
Architecture: sparc64
Machine: sparc64
>Description:

I use a modular kernel w/o tmpfs. When trying to mount the first tmpfs,
the system crashes due to a NULL deref. After sprinkling some noinline
attributes and printfs I see that VFS_NEWVNODE fails with error 28,
which makes vcache_new() for the tmpfs root vnode fail as well - and
deliver a NULL vp, which then causes the crash.

I am not sure the struct mount *mp passed here is ok:

# mount /var/shm
error from VFS_NEWVNODE: 28
panic: vcache_new for tmpfs root failed: 28
Stopped in pid 7.1 (mount_tmpfs) at     netbsd:cpu_Debugger+0x4:        nop

db{1}> mach stack
Window 0 frame64 0x260727650 locals, ins:
1c8b648 0 107653c78 0 0 3 ae0 2
2035418 260727848 1ce5400 1ce6800 104 1ce6a50 260726f01=sp 1548284=pc:netbsd:pan
ic+0x24
Window 1 frame64 0x260727700 locals, ins:
1092fa2d0 1092fa410 10764d7a8 1 18b3440 18ba058 0 10
2035418 1c 260727890 1c9a800 260727888 1c 260726fc1=sp 2038c50=pc:tmpfs:tmpfs_mo
unt+0x330
Window 2 frame64 0x2607277c0 locals, ins:
80000000 18b4998 18b4098 0 0 1092fad50 1092b9400 2607279e0
1092c5008 ffffffffffe14400 10764d7a8 107653c78 200003 0 260727141=sp 1597140=pc:
netbsd:VFS_MOUNT+0x20

db{1}> show mount 0x1092fa2d0
vnodecovered = 0x0 data = 0x0
fs_bshift -1 dev_bshift = -1
flag = 0x0
iflag = 0x18238a0<IMNT_HAS_TRANS>
refcnt = 1 unmounting @ 0x1092fa318 updating @ 0x1092fac20
statvfs cache:
        bsize = 0
        frsize = 0
        iosize = 0
        blocks = 0
        bfree = 0
        bavail = 0
        bresvd = 0
        files = 0
        ffree = 0
        favail = 0
        fresvd = 0
        f_fsidx = { 0x0, 0x0 }
        owner = 0
        namemax = 0
        flag = 0xffffffffffffffff<MNT_SOFTDEP,MNT_NODEVMTIME,MNT_SYMPERM,MNT_EXP
UBLIC,MNT_EXNORESPORT,MNT_NOATIME,MNT_LOG,MNT_EXTATTR,MNT_DISCARD,MNT_GETARGS,MN
T_UNUSED,MNT_IGNORE,MNT_FORCE,MNT_RELOAD,MNT_RELATIME,MNT_UPDATE,MNT_NOCOREDUMP,
MNT_ROOTFS,MNT_QUOTA,MNT_LOCAL
        syncwrites = 0
        asyncwrites = 0
        syncreads = 0
        asyncreads = 0
        fstypename =
        mntonname =     ,P
        mntfromname =
locked vnodes =


>How-To-Repeat:
s/a

>Fix:
n/a


